CybeReady today released "The State of Security Awareness Training", a new white paper highlighting executive concerns with phishing, business email compromise (BEC) and the unsatisfactory results organizations are experiencing despite an increase in investment and effort. This paper is based on findings from the Osterman Research white paper, "The ROI of Security Awareness Training".
According to Osterman Research's recent study, which surveyed 230 respondents at organizations with a median of 1,006 employees from May-June 2019, phishing attacks topped the list of concerns for decision makers, with nearly 75 percent of executives citing phishing emails as the most significant threat. The same group of executives regards training as a better way to deal with this threat. Despite all this, approximately 60 percent of users receive training less often than about once a quarter - meaning organizations aren't being adequately trained even with current solutions.
"Security awareness training should be a key element of any organization's security posture. However, there is currently a gap in the awareness training market which needs to be filled with more effective solutions," said Michael Osterman, founder of Osterman Research. "Just like the right technology, such as firewalls or endpoint detection and response solutions, can protect an organization's data and financial assets from theft or destruction, so can the right employee training. A good security awareness training program can provide a significant ROI and pay for itself in a relatively short time."
Key takeaways from the CybeReady paper include:
- 75% of security decision makers are highly concerned with phishing attacks
- 58% of decision makers view awareness training as superior to technology solutions when dealing with phishing
- Awareness training budgets are increasing faster than security budgets
- Employees receive additional training minutes, yet most awareness training programs fail to demonstrate change in employee behavior towards phishing attacks
- A better awareness program should include continuous, data-driven training with adaptive and customized capabilities
- A more effective training program does not mean more dollars or training time, but rather a training program that engages employees without taxing security teams
"After failing a phishing simulation, employees spend approximately 30 seconds to understand what they did wrong," said Shlomi Gian, CEO of CybeReady. "An effective training program should run continuously, be focused and memorable. The recently released Osterman Research report is another piece of evidence that existing programs do not address this need and enterprises keep spraying and praying."
CybeReady provides an autonomous security training platform that guarantees a change in employee behavior. According to CybeReady, optimal ROI is received when the program is tailored to the individual employee. CybeReady's machine learning capabilities send out fully customizable messages via email, at different times once a month, that blend in with each employee's work. For more information on CybeReady, please visit www.cybeready.com.
To download CybeReady's "The State of Security Awareness Training" white paper, please visit here. To obtain access to Osterman Research's white paper, please visit here.